[tor-dev] Draft Proposal for BridgeDB IPv6 Support

Robert Ransom rransom.8774 at gmail.com
Sat Dec 10 15:07:34 UTC 2011


On 2011-12-06, Aaron <aagbsn at extc.org> wrote:

>         How does IPv6 affect address datamining of https distribution?
>           A user may be allocated a /128, or a /64.
>           An adversary may control a /32 or perhaps larger
>           Proposal: Enable reCAPTCHA support by default.

How much would it cost China to have 1000 (or even 10000) CAPTCHAs
solved?  How much of our bridge pool would such an attack obtain?

>         How do IPv6 addresses work with the IPBasedDistributor?
>         #XXX: I need feedback on this
>         # do we use all 128 bits here?
>         # upper N bits? lower N bits? random or specific N bits?

I doubt that a single prefix length would be appropriate for all
networks.  There is no point in using a fixed bitmask other than a
prefix; even if we do not publish the mask, an attacker can easily
determine which bits within the suffix that it controls are used to
select a portion of the bridge pool.  A more complex mapping of IP
addresses to bridge pool locations might work.


Robert Ransom
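
The effect of the mask choice discussed above, as an added example that is not part of the original message and is not BridgeDB code. The HMAC-based mapping, the key, the portion count and all function names are assumptions for illustration; addresses come from the 2001:db8::/32 documentation prefix.

```python
import hashlib
import hmac
import ipaddress
import random

KEY = b"constructed-demo-key"  # constructed value, not a BridgeDB secret
N_BUCKETS = 64                 # assumed number of bridge pool portions

def prefix_mask(bits):
    """128-bit mask that keeps only the upper `bits` bits of an address."""
    return ((1 << bits) - 1) << (128 - bits)

def bucket_for(addr, mask):
    """Hypothetical mapping: HMAC the masked address, reduce to a portion index."""
    masked = int(ipaddress.IPv6Address(addr)) & mask
    digest = hmac.new(KEY, masked.to_bytes(16, "big"), hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "big") % N_BUCKETS

def reachable_buckets(allocation, mask, samples=2048):
    """Count distinct portions reachable from addresses inside one allocation."""
    net = ipaddress.IPv6Network(allocation)
    base = int(net.network_address)
    rng = random.Random(0)  # fixed seed so the run is repeatable
    seen = set()
    for _ in range(samples):
        suffix = rng.getrandbits(128 - net.prefixlen)
        seen.add(bucket_for(base | suffix, mask))
    return len(seen)

if __name__ == "__main__":
    masks = {
        "/32 prefix": prefix_mask(32),
        "/64 prefix": prefix_mask(64),
        "low 16 bits (non-prefix)": 0xFFFF,
    }
    for alloc in ("2001:db8:0:1::/64", "2001:db8::/32"):
        for name, mask in masks.items():
            print(f"{alloc:20} mask={name:26} portions={reachable_buckets(alloc, mask)}")
```

A /64 holder stays in one portion under either prefix mask but reaches many once the mask includes suffix bits, and a /32 holder reaches many under a /64 prefix mask, which is why no single prefix length suits every network.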

